Got Firefox? Upgrade to 3.6.2.

Upgrade Me

If you’re running Firefox 3.6, Mozilla strongly recommends you update to version 3.6.2. The new version corrects a critical security hole allowing an attacker to crash your browser and/or run arbitrary code on your machine.

The Security Warning advises:

Mozilla Foundation Security Advisory 2010-08

Title: WOFF heap corruption due to integer overflow
Impact: Critical
Announced: March 22, 2010
Reporter: Evgeny Legerov
Products: Firefox 3.6

Fixed in: Firefox 3.6.2

DESCRIPTION

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system.

Note: Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.

REFERENCES

Firefox recommends that all users upgrade to version 3.6.2 to correct this issue. The product can be downloaded from their website or by using the Check for Updates feature of the software.

This entry was posted in tech and tagged , by Fred. Bookmark the permalink.

About Fred

The reason this site exists can be found in two words... Patrick and Fred. Fred Posner designs and implements VoIP solutions through Team Forrest and LOD.com. Favoring Open Source solutions (such as Asterisk, FreeSWITCH, and Kamailio), Fred enjoys working with organizations to increase productivity while reducing cost. If you’d like to contact Fred, please do so through QXORK.com. You should also check out Dream Day Cakes.

4 thoughts on “Got Firefox? Upgrade to 3.6.2.

  1. Pingback: Firefox 3.6.2 Corrects Vulnerability | TEAM FORREST Blog

  2. Pingback: Fred Posner

  3. Pingback: mjgraves

  4. Pingback: Firefox Security Vulnerability (Not an April Fool’s Joke) | VoIP Tech Chat

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>